Using Security in CORBA Applications
SecurityLevel2::Credentials::invocation_options_supported
Synopsis
Indicates the maximum number of security options that can be used when establishing an SSL connection to make an invocation on an object in the BEA Tuxedo domain.
OMG IDL Definition
attribute Security::AssociationOptions invocation_options_supported;
Argument
None.
Description
This method should be used in conjunction with the SecurityLevel2::Credentials::invocation_options_required method.
The following security options can be specified:
| Security Option | Description |
| --- | --- |
| NoProtection | The SSL protocol does not provide message protection. |
| Integrity | The SSL protocol provides an integrity check of messages. Digital signatures are used to protect the integrity of messages. |
| Confidentiality | The SSL connection protects the confidentiality of messages. Cryptography is used to protect the confidentiality of messages. |
| DetectReplay | The SSL protocol provides replay detection. Replay occurs when a message is sent repeatedly with no detection. |
| DetectMisordering | The SSL protocol provides sequence error detection for requests and request fragments. |
| EstablishTrustInTarget | Indicates that the target of a request authenticates itself to the initiating principal. |
| NoDelegation | Indicates that the principal permits an intermediate object to use its privileges for the purpose of access control decisions. However, the principal's privileges are not delegated so the intermediate object cannot use the privileges when invoking the next object in the chain. |
| SimpleDelegation | Indicates that the principal permits an intermediate object to use its privileges for the purpose of access control decisions, and delegates the privileges to the intermediate object. The target object receives only the privileges of the client application and does not know the identity of the intermediate object. When this invocation option is used without restrictions on the target object, the behavior is known as impersonation. |
| CompositeDelegation | Indicates that the principal permits the intermediate object to use its credentials and delegate them. The privileges of both the principal and the intermediate object can be checked. |
Return Values
The list of defined security options.
If the Tobj::TuxedoSecurity security mechanism is used to create the security association, only the NoProtection, EstablishTrustInClient, and SimpleDelegation security options are returned. The EstablishTrustInClient security option appears only if the security level of the CORBA application is defined to require passwords to access the BEA Tuxedo domain.
Note: A CORBA::NO_PERMISSION exception is returned if the security options specified are not supported by the security mechanism defined for the CORBA application. This exception can also occur if the security options specified have fewer capabilities than the security options specified by the SecurityLevel2::Credentials::invocation_options_required method.
The invocation_options_supported attribute has set() and get() methods. You cannot use the set() method when using the Tobj::TuxedoSecurity security mechanism to get a Credentials object. If you do use the set() method with the Tobj::TuxedoSecurity security mechanism, a CORBA::NO_PERMISSION exception is returned.
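The following added example is not BEA Tuxedo code. It models how a client can decode the value read from invocation_options_supported, check it for the protection it needs before sending sensitive data, and predict when set() is refused under the rules above. Assumptions: the local Security namespace stands in for the ORB header, the bit values come from the OMG Security Service IDL, and the helper names option_names, missing_options, and set_supported_accepted are hypothetical.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Stand-in for the ORB's Security module so this compiles without BEA Tuxedo headers.
// Bit values follow the OMG Security Service IDL (assumption: the page does not list them).
namespace Security {
typedef std::uint16_t AssociationOptions;
const AssociationOptions NoProtection = 1, Integrity = 2, Confidentiality = 4,
    DetectReplay = 8, DetectMisordering = 16, EstablishTrustInTarget = 32,
    EstablishTrustInClient = 64, NoDelegation = 128, SimpleDelegation = 256,
    CompositeDelegation = 512;
}
using Security::AssociationOptions;

// Decode a value read from invocation_options_supported into option names.
std::vector<std::string> option_names(AssociationOptions opts) {
    static const char* const names[] = {
        "NoProtection", "Integrity", "Confidentiality", "DetectReplay",
        "DetectMisordering", "EstablishTrustInTarget", "EstablishTrustInClient",
        "NoDelegation", "SimpleDelegation", "CompositeDelegation"};
    std::vector<std::string> out;
    for (int bit = 0; bit < 10; ++bit)
        if (opts & (1u << bit)) out.push_back(names[bit]);
    return out;
}

// Options the caller wants that the association does not offer (0 = all present).
AssociationOptions missing_options(AssociationOptions supported, AssociationOptions wanted) {
    return static_cast<AssociationOptions>(wanted & ~supported);
}

// Model of when set() on invocation_options_supported is accepted; false
// corresponds to CORBA::NO_PERMISSION. "Fewer capabilities than required" is
// read here as "drops a required option" (assumption).
bool set_supported_accepted(bool tuxedo_security, AssociationOptions mechanism,
                            AssociationOptions required, AssociationOptions proposed) {
    if (tuxedo_security) return false;          // set() is never allowed with Tobj::TuxedoSecurity
    return (proposed & ~mechanism) == 0         // the mechanism must support every proposed option
        && (required & ~proposed) == 0;         // and no required option may be dropped
}

int main() {
    // Constructed value: what a password-authenticated Tobj::TuxedoSecurity association reports.
    AssociationOptions got = Security::NoProtection | Security::EstablishTrustInClient | Security::SimpleDelegation;
    for (const std::string& n : option_names(got)) std::cout << n << '\n';
    std::cout << "missing: " << missing_options(got, Security::Integrity | Security::Confidentiality) << '\n';
}
```

A nonzero result from missing_options for Integrity and Confidentiality means the association offers no SSL message protection, which is the case for the constructed Tobj::TuxedoSecurity value in main().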